CVE-2021-37289

HIGH

Planex MZK-DP150N 1.42 and 1.43 - Unauthenticated Remote Code Execution via syscmd.asp

Title source: llm
STIX 2.1

Description

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.

References (3)

Core 3
Core References
Product, Vendor Advisory x_refsource_misc
http://www.planex.co.jp/products/mzk-dp150n/
Third Party Advisory x_refsource_misc
https://jvn.jp/en/vu/JVNVU98291763/

Scores

CVSS v3 7.2
EPSS 0.0135
EPSS Percentile 67.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-276
Status published
Products (2)
planex/mzk-dp150n_firmware 1.42
planex/mzk-dp150n_firmware 1.43
Published Aug 22, 2022
Tracked Since Feb 18, 2026